Re: [rt-users] Can't login to RT using Active Directory

2016-09-14 Thread fleon 
I added the domain to the username in RT's configuration, restarted apache
and now it works. Don't know if it's because it's needed or just because i
restarted apache, though i did that earlier and didn't work.

I don't think anything changed in AD for it to require the full username,
maybe a windows update changed that, i don't know. Thanks



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539p62542.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Can't login to RT using Active Directory

2016-09-14 Thread fleon 
It works, with the caveat that i have to put the full username
(u...@mycompany.com) for it to work.

I tried to use the same tactic in RT but still same error.

MYUSER in RT's configuration is without the domain name. Should i edit and
try? I have never needed to do that before



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539p62541.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Can't login to RT using Active Directory

2016-09-14 Thread Daniel Schwager 
Hi,

> I'm 100% sure i am using the correct password, i even tried other test
> accounts i have and know they can authenticate against AD just fine.

try ldapsearch to connect to your AD like

ldapsearch -x -H ldap://192.168.100.5:389 -D MYUSER -w MYPASS -b 
"dc=yourdomain,dc=com" "cn=Administrator"

Best regards
Daniel


> -Original Message-
> From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of 
> fleon
> Sent: Wednesday, September 14, 2016 4:25 PM
> To: rt-users@lists.bestpractical.com
> Subject: [rt-users] Can't login to RT using Active Directory
> 
> I have been able to use Active Directory as authentication with the
> ExternalAuth plugin, both before and after it was integrated in RT 4.4.
> 
> But today it isn't allowing anyone in, and this is shown in the error logs:
> 
> [8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from
> 192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
> [8629] [Wed Sep 14 15:29:31 2016] [critical]:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_INVALID_CREDENTIALS 49
> (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678)
> 
> I'm 100% sure i am using the correct password, i even tried other test
> accounts i have and know they can authenticate against AD just fine.
> 
> I am also sure nothing has changed on AD itself or in RT's configuration,
> however this is my current ExternalAuth configuration:
> Set($ExternalAuth, 1);
> Set($ExternalAuthPriority,  [   'My_LDAP']);
> Set($ExternalInfoPriority,  [   'My_LDAP']);
> Set($ExternalServiceUsesSSLorTLS,0);
> Set($AutoCreateNonExternalUsers,1);
> Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 });
> 
> Set($ExternalSettings,
> {
> 'My_LDAP'   =>  {
> 'type'  =>  'ldap',
>  'server'=>  '192.168.100.5',
> 'user'  =>  'MYUSER',
>  'pass'=>  'MYPASS',
>  'base'  =>  'dc=mycompany,dc=com',
> 'filter'=>  '(objectClass=person)',
> 'd_filter'  =>  '(objectClass=FooBarBaz)',
> 'tls'   =>  0,
> 'ssl_version'   =>  3,
> 'net_ldap_args' => [version =>  3   ],
> 'attr_match_list'   => ['Name',
>   'EmailAddress'
>   ],
> 'attr_map'  =>  {   'Name' => 'sAMAccountName',
>   'EmailAddress' => 'mail',
>   'Organization' => 'physicalDeliveryOfficeName',
>   'RealName' => 'displayName',
> 'Gecos' => 'sAMAccountName',
>  'WorkPhone' => 'telephoneNumber',
>   'Address1' => 'description',
>   'City' => 'l',
>   'State' => 'st',
>'Zip' => 'postalCode',
>'Country' => 'co'
>}
>}
>  }
> );
> 
> I am using debian 8 jessie with RT 4.4.1. Thanks
> 
> 
> 
> 
> 
> 
> 
> 
> --
> View this message in context: 
> http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-
> Directory-tp62539.html
> Sent from the Request Tracker - User mailing list archive at Nabble.com.
> -
> RT 4.4 and RTIR training sessions, and a new workshop day! 
> https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017


smime.p7s
Description: S/MIME cryptographic signature
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

[rt-users] Can't login to RT using Active Directory

2016-09-14 Thread fleon 
I have been able to use Active Directory as authentication with the
ExternalAuth plugin, both before and after it was integrated in RT 4.4.

But today it isn't allowing anyone in, and this is shown in the error logs:

[8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from
192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
[8629] [Wed Sep 14 15:29:31 2016] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678)

I'm 100% sure i am using the correct password, i even tried other test
accounts i have and know they can authenticate against AD just fine.

I am also sure nothing has changed on AD itself or in RT's configuration,
however this is my current ExternalAuth configuration:
Set($ExternalAuth, 1);
Set($ExternalAuthPriority,  [   'My_LDAP']);
Set($ExternalInfoPriority,  [   'My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,0);
Set($AutoCreateNonExternalUsers,1);
Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 });

Set($ExternalSettings,
{
'My_LDAP'   =>  {
'type'  =>  'ldap',
 'server'=>  '192.168.100.5',
'user'  =>  'MYUSER',
 'pass'=>  'MYPASS',
 'base'  =>  'dc=mycompany,dc=com',
'filter'=>  '(objectClass=person)',
'd_filter'  =>  '(objectClass=FooBarBaz)',
'tls'   =>  0,
'ssl_version'   =>  3,
'net_ldap_args' => [version =>  3   ],
'attr_match_list'   => ['Name',
  'EmailAddress'
  ],
'attr_map'  =>  {   'Name' => 'sAMAccountName',
  'EmailAddress' => 'mail',
  'Organization' => 'physicalDeliveryOfficeName',
  'RealName' => 'displayName',
'Gecos' => 'sAMAccountName',
 'WorkPhone' => 'telephoneNumber',
  'Address1' => 'description',
  'City' => 'l',
  'State' => 'st',
   'Zip' => 'postalCode',
   'Country' => 'co'
   }
   }
 }
);

I am using debian 8 jessie with RT 4.4.1. Thanks








--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017